Security Affairs

SEPTEMBER 23, 2023

The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. Between April 7, 2023, and May 4, 2023, Royal performed data exfiltration and ransomware delivery preparation activities.

Ransomware 136

Ransomware Surveillance Healthcare Accountability 136

SecureList

MARCH 13, 2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Nevertheless, iPhone users fearing surveillance should always keep a close eye on their device.

Mobile 108

Mobile Passwords Surveillance Technology 108

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 98

Accountability Phishing Financial Services Surveillance 98

Security Affairs

NOVEMBER 18, 2024

Billion), 2023 Meta’s record-breaking fine stems from its failure to safeguard data transfers between the EU and the U.S. government surveillance. Billion ($1.4 After the invalidation of the EU-U.S. This massive fine, the largest ever under GDPR, highlights the need for companies to adapt quickly to regulatory changes.

Data privacy 130

Data privacy Risk Surveillance Government 130

Zero Day

JUNE 22, 2025

Here's how to check if your accounts are at risk and what to do next. You should always use different and strong, complex passwords to secure your accounts (another area a password manager can help), and this is why: once one service is compromised, the same password and user combination could lead to an exposed account elsewhere. 

Passwords 101

Passwords Data breaches Password Management Accountability 101

Zero Day

JUNE 20, 2025

Here's how to check if your accounts are at risk and what to do next. You should always use different and strong, complex passwords to secure your accounts (another area a password manager can help), and this is why: once one service is compromised, the same password and user combination could lead to an exposed account elsewhere. 

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

Security Affairs

JANUARY 7, 2024

“The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” During one of the most recent campaigns in 2023, the APT group employed a reverse TCP shell named SnappyTCP to target Linux/Unix systems. Enable 2FA on all externally exposed accounts.

Accountability 141

Accountability Media Telecommunications Government 141

Security Boulevard

FEBRUARY 17, 2025

The more accounts you have, the bigger your attack surface and potential exposure to data breaches. Tips for finding old accounts. Surveillance Tech in the News This section covers surveillance technology and methods in the news. Malware campaigns covered generally target/affect the end user.

Surveillance 52

Surveillance Data breaches VPN Malware 52

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 127

Artificial Intelligence Data breaches Scams Insurance 127

Security Affairs

JUNE 3, 2024

The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. As expected, Ukraine topped the list, accounting for 40% of the activity.” The campaigns targeted at least thirteen separate nations.

Malware 143

Malware Phishing Surveillance Internet 143

Malwarebytes

JUNE 7, 2024

Moving forward, Google will link the Location information to the devices you use, rather than to the user account(s). After some digging, I learned that my Google account was added to my wife’s phone’s accounts when I logged in on the Play Store on her phone. That issue should be solved by implementing this new policy.

Accountability 138

Accountability Surveillance VPN Mobile 138

Security Affairs

APRIL 13, 2023

Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products.

Surveillance 98

Surveillance Education Media Hacking 98

CyberSecurity Insiders

JANUARY 8, 2023

WhatsApp, the messaging platform now owned by Facebook parent Meta, has made it official that its users will now-on be allowed to connect their accounts to proxy servers. Under such circumstances, online users often take help of proxy servers and this is what the Facebook subsidiary will allow for free from February 2023.

Internet 113

Internet Surveillance Internet Government 113

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits to deliver its Pegasus spyware. and 15.6 ( FINDMYPWN ), and 16.0.3 ( PWNYOURHOME ).”

Surveillance 98

Surveillance Spyware Education Risk 98

SecureList

NOVEMBER 28, 2024

Later, in 2023, Elastic Lab published a report about an OceanLotus APT (aka APT32) attack that leveraged a new set of malicious tools called Spectral Viper. The second, an article published in 2024 by the Google Threat Analysis Group, described the business model of various companies that provide commercial surveillance solutions.

Malware 118

Malware Government Software Spyware 118

Security Affairs

NOVEMBER 26, 2023

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software New InfectedSlurs Mirai-based botnet exploits two zero-days SiegedSec hacktivist group hacked Idaho National Laboratory (INL) CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog Enterprise software provider TmaxSoft leaks 2TB of data (..)

Data breaches 131

Data breaches Surveillance Cryptocurrency Ransomware 131

Security Affairs

FEBRUARY 11, 2024

Cybersecurity Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware Critical Security Issue Affecting TeamCity On-Premises (CVE-2024-23917) – Update to 2023.11.3

Spyware 128

Spyware Surveillance DDOS Identity Theft 128

Security Affairs

SEPTEMBER 24, 2023

0-days exploited by commercial surveillance vendor in Egypt PREDATOR IN THE WIRES OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Cybersecurity Apple and Google Are Introducing New Ways to Defeat Cell Site Simulators, But Is it Enough?

Cyber Attacks 124

Cyber Attacks Firewall Data breaches Telecommunications 124

Security Affairs

APRIL 16, 2023

hacking tools and electronics A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches 98

Data breaches Spyware Surveillance Cybercrime 98

Malwarebytes

MARCH 26, 2024

Federal US authorities have asked Google for the names, addresses, telephone numbers, and user activity of accounts that watched certain YouTube videos, according to unsealed court documents Forbes has seen. This type of digital dragnets go against the fourth amendment: freedom from unreasonable searches.

VPN 145

VPN Surveillance Mobile Accountability 145

Security Affairs

MARCH 26, 2023

If you want to also receive for free the newsletter with the international press subscribe here.

Data breaches 98

Data breaches DDOS Backups Hacking 98

BH Consulting

DECEMBER 11, 2023

These practices can lead to account compromise, or enabling unauthorised users to access sensitive data and escalate privileges. Cloud security was also a theme in Microsoft’s ‘Cybersecurity Trends in Ireland 2023’ report. Sounds like excessive surveillance? The move had been in the works for a while.

Surveillance 52

Surveillance Cybersecurity DDOS Data breaches 52

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Malwarebytes

OCTOBER 11, 2023

It’s spying when governments do it through opaque, mass surveillance regimes, it’s spying when companies do it through shadowy data broker networks that braid together disparate streams of information, and it’s spying when private individuals do it through unseen behavior on personal devices.

Surveillance 130

Surveillance Passwords Software Technology 130

Security Affairs

MAY 2, 2023

TBK Vision is a video surveillance company that provides network CCTV devices and other related equipment, including DVRs for the protection of critical infrastructure facilities. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. ” reads the advisory published by Fortinet.

Authentication 98

Authentication Surveillance Retail Education 98

SecureWorld News

NOVEMBER 30, 2023

The flaw, tracked as CVE-2023-6345 , marks the sixth Chrome Zero-Day exploit in 2023 and showcases a growing trend in major browsers suffering Zero-Day attacks. Surveillance players have realized that targeting browsers provides extensive monitoring of victims while avoiding app store defenses.

Spyware 112

Spyware Surveillance Malware Risk 112

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 129

Data breaches Ransomware Hacking Financial Services 129

Security Affairs

JANUARY 2, 2023

Given the vast level of tracking and surveillance that technology companies can embed into their widely used products, it is only fair that consumers be informed of how important user data, including information about their every move, is gathered, tracked, and utilized by these companies. The IT giant will pay $9.5 million to D.C.

Consumer Protection 98

Consumer Protection Surveillance Data collection Accountability 98

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 98

Spyware Ransomware Malware Data breaches 98

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 98

Data breaches DDOS Ransomware Hacking 98

Malwarebytes

FEBRUARY 28, 2024

The attackers, who targeted the MSP’s network from October 2023 to January 2024, silently monitored and manipulated the network for months, leveraging legitimate remote access tools like AnyDesk and TeamViewer and attempting to install malware like Remcos RAT and AsyncRAT. Detection of malware leveraging RMM tools.

Malware 106

Malware DNS Surveillance Backups 106

Centraleyes

DECEMBER 21, 2023

Ubiquiti, a leading networking and video surveillance camera manufacturer, has successfully resolved a bug that inadvertently allowed users access to other customers’ accounts and private live video streams. According to Ubiquiti, 1,216 accounts from one group were improperly associated with another group of 1,177 accounts.

Surveillance 52

Surveillance Accountability Manufacturing Technology 52

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. Using a malicious script, the attackers redirected their targets’ incoming email to an email address controlled by the attackers, gathering data from the compromised accounts.

Hacking 141

Hacking Energy and Utilities Malware Media 141

eSecurity Planet

MARCH 4, 2024

However, Avast disclosed that their researchers discovered and reported the vulnerability in August 2023 after reverse-engineering a rootkit deployed by the infamous North Korean hacking group dubbed Lazarus. Patched in June 2023 , the vulnerability wasn’t noteworthy at the time, although attacks can gain SYSTEM level access.

IoT 117

IoT Internet Internet Ransomware 117

SecureList

JUNE 3, 2024

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail , including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking 117

Banking Malware Computers and Electronics Mobile 117

SecureList

JUNE 20, 2023

These vulnerabilities could allow an attacker to gain unauthorized access to the device and steal sensitive information, such as video footage, potentially turning the feeder into a surveillance tool. A hard-coded root password is a significant security issue because all devices of the same model share the same root password.

Firmware 106

Firmware Manufacturing Passwords Mobile 106

DoublePulsar

APRIL 20, 2023

So in this piece we shall dig into the details using open source intelligence, and prove Capita was penetrated by Black Basta ransomware group using Qakbot phishing to deliver hands on keyboard access for weeks — and question if the playbooks organisations are using to handle ransomware groups are fit for purpose in 2023. Go in hard.

Ransomware 135

Ransomware Government Data breaches Marketing 135